Re: [PATCH] Smack: build when CONFIG_AUDIT not defined

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eric Paris <eparis@redhat.com>
To: Kees Cook <keescook@chromium.org>
Cc: linux-kernel@vger.kernel.org,
	James Morris <james.l.morris@oracle.com>,
	Casey Schaufler <casey@schaufler-ca.com>,
	Paul Moore <paul.moore@hp.com>, Al Viro <viro@zeniv.linux.org.uk>,
	Andi Kleen <ak@linux.intel.com>,
	linux-security-module@vger.kernel.org,
	torvalds@linux-foundation.org
Subject: Re: [PATCH] Smack: build when CONFIG_AUDIT not defined
Date: Tue, 10 Apr 2012 18:41:02 -0400	[thread overview]
Message-ID: <1334097662.22483.17.camel@localhost> (raw)
In-Reply-To: <20120410202644.GA10466@www.outflux.net>

On Tue, 2012-04-10 at 13:26 -0700, Kees Cook wrote:
> This fixes builds where CONFIG_AUDIT is not defined and
> CONFIG_SECURITY_SMACK=y.
> 
> Signed-off-by: Kees Cook <keescook@chromium.org>

Linus I introduced this problem during our little stack space work,
48c62af68a403ef1655546bd3e021070c8508573 , so probably best if you just
grab this one too.

Acked-by: Eric Paris <eparis@redhat.com>

> ---
>  security/smack/smack_lsm.c |   19 +++++++++++++++----
>  1 files changed, 15 insertions(+), 4 deletions(-)
> 
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 81c03a5..10056f2 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -1939,18 +1939,19 @@ static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
>  	char *hostsp;
>  	struct socket_smack *ssp = sk->sk_security;
>  	struct smk_audit_info ad;
> -	struct lsm_network_audit net;
>  
>  	rcu_read_lock();
>  	hostsp = smack_host_label(sap);
>  	if (hostsp != NULL) {
> -		sk_lbl = SMACK_UNLABELED_SOCKET;
>  #ifdef CONFIG_AUDIT
> +		struct lsm_network_audit net;
> +
>  		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
>  		ad.a.u.net->family = sap->sin_family;
>  		ad.a.u.net->dport = sap->sin_port;
>  		ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
>  #endif
> +		sk_lbl = SMACK_UNLABELED_SOCKET;
>  		rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad);
>  	} else {
>  		sk_lbl = SMACK_CIPSO_SOCKET;
> @@ -2809,11 +2810,14 @@ static int smack_unix_stream_connect(struct sock *sock,
>  	struct socket_smack *osp = other->sk_security;
>  	struct socket_smack *nsp = newsk->sk_security;
>  	struct smk_audit_info ad;
> -	struct lsm_network_audit net;
>  	int rc = 0;
>  
> +#ifdef CONFIG_AUDIT
> +	struct lsm_network_audit net;
> +
>  	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
>  	smk_ad_setfield_u_net_sk(&ad, other);
> +#endif
>  
>  	if (!capable(CAP_MAC_OVERRIDE))
>  		rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
> @@ -2842,11 +2846,14 @@ static int smack_unix_may_send(struct socket *sock, struct socket *other)
>  	struct socket_smack *ssp = sock->sk->sk_security;
>  	struct socket_smack *osp = other->sk->sk_security;
>  	struct smk_audit_info ad;
> -	struct lsm_network_audit net;
>  	int rc = 0;
>  
> +#ifdef CONFIG_AUDIT
> +	struct lsm_network_audit net;
> +
>  	smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
>  	smk_ad_setfield_u_net_sk(&ad, other->sk);
> +#endif
>  
>  	if (!capable(CAP_MAC_OVERRIDE))
>  		rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
> @@ -2993,7 +3000,9 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
>  	char *csp;
>  	int rc;
>  	struct smk_audit_info ad;
> +#ifdef CONFIG_AUDIT
>  	struct lsm_network_audit net;
> +#endif
>  	if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
>  		return 0;
>  
> @@ -3156,7 +3165,9 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
>  	char *sp;
>  	int rc;
>  	struct smk_audit_info ad;
> +#ifdef CONFIG_AUDIT
>  	struct lsm_network_audit net;
> +#endif
>  
>  	/* handle mapped IPv4 packets arriving via IPv6 sockets */
>  	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))

     prev parent reply	other threads:[~2012-04-10 22:41 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-04-10 20:26 [PATCH] Smack: build when CONFIG_AUDIT not defined Kees Cook
2012-04-10 22:03 ` Casey Schaufler
2012-04-10 22:41 ` Eric Paris [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1334097662.22483.17.camel@localhost \
    --to=eparis@redhat.com \
    --cc=ak@linux.intel.com \
    --cc=casey@schaufler-ca.com \
    --cc=james.l.morris@oracle.com \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=paul.moore@hp.com \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.